Who's Winning the Cyber Encryption Debate?

The debate over encryption—whether tech companies should be required to maintain the ability to decrypt communications pursuant to a lawful government request—dragged on throughout 2015. The year started with a bang, as evidence was released suggesting that the National Security Agency had the ability to break certain virtual private network protocols and it had access to the encryption keys that major telecommunications providers use to encrypt network traffic. It ended with the debate back in the spotlight, as politicians mulled the need to weaken encryption in the wake of terrorist attacks in Paris and San Bernardino, California. (For a solid recap of what’s what in encryption, see this FAQ published by ProPublica.)

The format of this debate has become almost ritualized. Something bad happens. Politicians, law enforcement agents, and intelligence officials claim that encryption helped enable the bad thing or prevented them from stopping the bad thing. Privacy advocates, security researchers, and representatives of the tech industry respond that there was no evidence that was the case, and that weakening encryption would be even worse than the bad thing. The debate then dies down for a bit, nothing having been accomplished. Rinse, repeat.